What is the proper organizational role of internal auditing A to serve as an independent objective assurance and consulting activity that adds value to operations?

Following the 2018 update of the Singapore Code of Corporate Governance, the Singapore Exchange Listing Ruleswere also amended that made it mandatory, effective 1 January 2019, for all issuers to “establish and maintain on an ongoing basis, an effective internal audit function that is adequately resourced and independent of the activities it audits.

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operational, financial, compliance and technological processes. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and governance processes.

According to the corporate governance framework, the “three lines of defense” model depicts a conceptual delineation of control levels: line controls, second-level monitoring controls and third-line independent assurance.”

Internal audit function takes on the “Third Line role”, and it covers an undertaking of a systematic and risk-based audit of both the first and second lines of defense.

Though the basic tenets of the primary role and responsibility of internal audit should always remain unchanged, the current IA trends is to move away from the traditional internal audit approach and journey toward control self-assessment, risk management and value creation.   

According to the Institute of Internal Auditors, the mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Relationship Between Internal and External Audit

Internal and external audit are complementary functions within the assurance framework that maintain clear boundaries and independence from each other. Both perform very different roles according to their respective international standards and report separately to the Board or Audit Committee. However, internal and external audit should maintain a constructive relationship that ensure appropriate and regular communication and the sharing of information that can be of benefit to the organizations they serve.

Difference Between Internal and External Auditing

External auditors generally provide assurance to shareholders and investors who need to rely on proper conduct of business activities and the production of reliable financial information. The main objective of an external audit are to determine the accuracy and completeness of client’s accounting records, whether the accounting records have been prepared in accordance with the applicable accounting standards, and whether client’s financial statements present its results and financial position fairly.

Internal auditors provide an objective and independent assurance within the governance boundary i.e. reasonable assurance of the overall effectiveness of governance, risk management and internal controls (financial, compliance, operational and technological controls) in the organization to the board of directors, audit committee and senior management. Internal audit thus has a much broader remit covering both financial and non-financial business activities and controls at the strategic and operational levels within the organization.

In Singapore, audited financial statements can only be signed off by a person who is registered or deemed to be registered in accordance with the Accountants Act (Chapter 2) as a public accountant, whereas there is no government regulation requiring that internal audit works are only be performed by a registered person under a specific legislation in the country.

Listed below are some of the key qualifications recognised in the internal audit field in Singapore:

(a) Certified Internal Auditor (CIA)

(b) Chartered Accountant (CA) / Certified Practicing Accountant (CPA)

(c) Association of Chartered Certified Accountants (ACCA)

(d) Fellow Member of the Institute of Internal Auditors (FIIA)

(e) Certification in Control Self-Assessment (CCSA)

(f) Certified Financial Services Auditor (CFSA)

(g) Certified Government Auditing Professional (CGAP)

(h) Certification in Risk Management Assurance (CRMA)

(i) Certified Fraud Examiner (CFE)

(j) Certified Information Systems Auditor (CISA)

Source: Internal Audit Disclosure Guide

Interaction Between Internal and External Audit

As a general principle, external auditors are able to use evidence and reports from the internal audit works to inform their understanding of the organisation and its control environment to help assess the risks of material misstatement. In Singapore, external auditors are permitted to use the works of internal auditors in accordance with the revised Singapore Standard on Auditing SSA 610 (Revised 2013).

From the perspective of internal audit’s practices, Standard 2050 of the IIA Global International Standards for the Professional Practice of Internal Auditing (International Standards) states the following:

“The chief audit executive should share information, coordinate activities and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplicate of efforts”.

International Standards for the Professional Practice of Internal Auditing

Internal auditing is conducted in diverse legal and cultural environments; for organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, conformance with The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards) is essential in meeting the responsibilities of internal auditors and the internal audit activity.

The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal Auditors (IIA). A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as mandatory guidance and recommended guidance.

Together with the Code of Ethics, the Standards encompass all mandatory elements of the International Professional Practices Framework; therefore, conformance with the Code of Ethics and the Standards demonstrates conformance with all mandatory elements of the International Professional Practices Framework. For more details, read Professional Guidance.

SGX RegCo has published a Regulator’s Columnto provide guidance on its expectations of the IA function of listed issuers based on the Institute of Internal Auditors (IIA) ‘s Three Lines Model:

1) a Governing Body which retains accountability to stakeholders, sets strategic directions and maintains oversight from regular reporting to ensure that governance, risk management and internal control processes are effective;

2) a Management which maintains the appropriate internal structure for governance and process to manage operational and compliance risks, in support of the delivery of company’s objectives; and

3) an IA function, being the third line role, which is accountable to the Board and provides assurance that the company’s governance structures and risk management procedures continue to be effective and adequate.

The IIA has also provided authoritative guidance for IA professionals worldwide via the International Professional Practices Framework (“IPPF”).

The 10 Core Principles of the IIA’s IPPF are as follows:

1. Demonstrate integrity.

2. Demonstrate competence and due professional care.

3. Is objective and free from undue influence (independent).

4. Align with the strategies, objectives, and risks of the organization.

5. Is appropriately positioned and adequately resourced.

6. Demonstrate quality and continuous improvement.

7. Communicate effectively.

8. Provide risk-based assurance.

9. Is insightful, proactive, and future-focused.

10. Promote organizational improvement

As mentioned in the Regulator’s Column, SGX Listing Rule 719(3) and Practice Guidance 10 of the CG Code echo Principles 2, 3 and 5 of the IPPF.

SGX RegCo will continue to provide guidance and work closely with IIA Singapore, an affiliate of the the global IIA, and the only professional body dedicated to the advancement and development of the internal audit profession in Singapore. The focus of this collaboration will be on enhancing the state of internal audit for listed companies in Singapore.

Copyright 2022. Mckell Risk Management Pte. Ltd. All rights reserved.

What is the proper organizational role of internal auditing?

What is the proper organizational role of internal auditing quizlet?

What are the duties of the internal audit Department in terms of independence and objectivity?

Why is it important for the internal audit function to be independent from the functions that it audits?